← back
CVE-2023-38028

Saho ADM100&ADM-100FP - Broken Access Control

CVSS 9.1 CRITICALEPSS 0.7%CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.1EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →